Category: Training

My 44CON Cloud Security and DevSecOps training course this June includes AWS, Azure and GitHub accounts which the students use so they don’t need to create their own. As I described in Part 1, I also decided to build a training platform, so that students can connect to a virtual desktop in the cloud with all the software they need pre-installed.
That way they can come on to the course with any laptop or even tablet which supports the Amazon WorkSpaces client.
I built the supporting infrastructure in AWS using Terraform which you can read about in Part 2 of my blog, and then scripted user setup across all environments as described in Part 3. Continue reading “Building a cloud security training platform – Pt 4: Security Features”→

My 44CON Cloud Security and DevSecOps training course this June includes AWS, Azure and GitHub accounts which the students use so they don’t need to create their own. As I described in Part 1, I also decided to build a training platform, so that students can connect to a virtual desktop in the cloud with all the software they need pre-installed.

That way they can come on to the course with any laptop or even tablet which supports the Amazon WorkSpaces client.

44CONnect is an invite-only event taking place on the 6th of June, somewhere in London. The purpose of the day is to bring together people attending 44CON training, so they can connect with trainers and people on different courses. It’s our way of giving people who’ve attended our courses the chance to get a taste of upcoming training, and the opportunity to get some extra credit to take back to the office.

Tickets for September training courses are now on sale in the shop. There are 9 courses to choose from so we thought we’d give you a quick run down in one place. Don’t forget we still have seats available for our June 6th/7th courses.

Part 1 – Proof of Concept

The Cloud Security and DevSecOps training course I’m delivering for 44CON in June includes AWS, Azure and GitHub accounts which the students use so they don’t need to create their own.

Wouldn’t it be great if students could turn up with any laptop, or even an iPad, and do the course. And the time spent on the labs would be used to learn about cloud security and DevSecOps, not debugging software installation issues.

44CONnect is a 1-day invite-only event taking place on the 13th of March, somewhere in London. The purpose of the day is to bring together people doing 44CON training, so they can connect with trainers and people on different courses. It’s our way of giving people who’ve attended our courses the chance to get a taste of upcoming training, and the opportunity to get some extra credit to take back to the office.

Booked an early-bird 44CON 2019 ticket once they’re on sale, and be randomly* selected

There are 20 tickets available, so make sure you qualify!

Our trainers from the last two days of training will deliver talks, as well as some of those delivering courses later this year. All of our training course delegates are invited, for whom lunch will be included. Early bird ticket holders invited to the event will have to buy their own lunch, as we can’t book it for them in advance.

There’ll be a special round of lightning talks for training delegates to deliver a short talk about something they learned on their course. Those speaking will get a small certificate of thanks that they can take back to the office.

Drinks have been organised for the evening, but we need to be in bed early for CRESTCon the next day.

*Early-bird ticket holders will be chosen at random throughout February, although unsubstantiated rumours abound that asking for an invite on your ticket order may drastically improve your chances…

We’ve offered training courses around 44CON for a long time. We provide a mix of high-end focused course on everything from exploiting Windows Kernel bugs to broader, more generalist courses on web application security and security monitoring. From this year onwards, we’re expanding this to a quarterly schedule.

That’s right, you no longer have to wait a year to sit a high quality training course!

Our 12 month schedule is available here, and you can check out our first courses scheduled for the 11th and 12th of March 2019:

I have learned a lot about how to track malware and attackers in network traffic while developing and improving the network forensics tool NetworkMiner throughout the past 10 years. The primary purpose of NetworkMiner has always been to help incident responders and forensic investigators to do their job more efficiently. Even though NetworkMiner is my favourite tool for analysing PCAP files I’m still a regular user of other tools such as Wireshark, tshark, tcpdump, Argus, ngrep, tcpflow and of course CapLoader. However, incident response and forensic work is much more than just knowing what tools to use. It is more about knowing what data to analyze and why.

I will teach several of my favourite techniques for analysing intrusions, tracking criminals and doing threat hunting at the Network Forensics Training at 44CON. The participants will learn how to investigate intrusions and find forensic artefacts in a dataset of several gigabytes of captured network traffic. The training primarily focuses on practical analysis techniques for finding and tracing malicious actors, which involves a great deal of hands-on practice with finding evil in PCAP data.

The first day of training focuses on analysis using only open source tools. The second day primarily covers training on the commercial software from Netresec, i.e. NetworkMiner Professional and CapLoader. All students enrolling in the class will get a full 6 month license for both these commercial tools. This training is not only a unique opportunity to learn how to use NetworkMiner and CapLoader directly from the guy who develops them, it is also a great excuse to spend two full days playing around with PCAP files.